Skip to main content
Sandro Gauci

Sandro Gauci, Enable Security

VoIP security workshop at BruCON 2009

Published on Sep 17, 2009 in , ,

I’m back in my little island after SEC-T (which had excellent content btw!) but already need to leave again. This time to Brussels for BruCON, and together with Joffrey Czarny, I’ll be hosting a workshop solely dedicated to VoIP security auditing.

Joffrey will be focusing on Cisco and other vendors and I’m really looking forward to that! I, on the other hand, will be talking more about freely available software such as Asterisk, Trixbox and X-lite. Here’s a small preview of what’s to come:

  • How to use siplib.py and iax2lib.py (used in VOIPPACK) to build security tools
  • We’ll build scanners and extension enumeration tools in both SIP and IAX2
  • Showing that INVITE flood is just 3 lines of code which can bring down popular VoIP software (and we get to build those 3 lines of code!)
  • Showing denial of service issues (patched) in Asterisk
  • Reproducing the SIP digest leakage in less than 50 lines of code
  • Demonstration of web related issues that affect PBX servers
  • Show of how IPS systems can actually be harmful in the world of UDP

Looking forward to this .. if you want to join register at this page. Just 5 seats left!


Sandro Gauci

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.

He offers public office hours and is reachable here.